2© all rights reserved, www.GRC2020.com
James Mackay, Chief Revenue Officer
Michael Rasmussen, J.D., GRCP, CCEP
GRC Pundit
Key Takeaways:
- User engagement is a critical part of a successful policy management system
- Consistency is critical to define clear rules of approach to policy creation
- Policy awareness enables a dialogue on important issues that can typically be forgotten in the day-to-day running of a business
- Policy management has become a critical part of organisational oversight
Policies
Cornerstone of Privacy, Compliance and Information Security Management
Michael Rasmussen, J.D., GRCP, CCEP
The GRC Pundit @ GRC 20/20 Research, LLC
OCEG Fellow @ www.OCEG.org
Policy Management Pressures
• Brainstorm all potential stakeholders, individuals and groups associated with the project.
[Figure: pressures surrounding the goal to reliably achieve objectives, including ethics, threats, media, PCI DSS, IT projects, and reputation & brand.]
Realize that everything connects to everything else.
Leonardo da Vinci
The Chaos of Risk Interconnectedness
Change is the Greatest Challenge Impacting Policy Management
… Confusing Policy Management User Experience
Policy Discovery & Inventory: Do You Know Where Your Policies Are?
GRC is the integrated collection of
capabilities that enable an organization to:
G) reliably achieve objectives
R) while addressing uncertainty and
C) acting with integrity.
SOURCE: OCEG GRC Capability Model
Policies are a foundation for all aspects of GRC . . .
What is Your Approach to Policy Management?
- Federated Policy Management: an integrated approach that balances policy management centralization with distributed participation and collaboration
- Distributed Policy Management: disconnected departments managing policies in different ways with little or no collaboration with other departments
Policy Management Maturity Improvement: a Top-Down Approach
- Policy Management Strategy
- Policy Management Technology
- Policy Management Information
- Policy Management Process
Design a Suitable & Scalable System
GRC 20/20’s Effective Policy Management Lifecycle
1. Determine Need
2. Develop & Approve
3. Communicate & Train
4. Monitor & Enforce
5. Measure & Maintain
Determine Policies that Need to be Changed
Draft the Policy, Review It, Edit It, and Approve It
Policy Team Approves Plan & Initiates Communication
Monitor & Enforce Involves Related Procedures, Controls, and Assessments
Preserve an Audit Trail and System of Records of All Policy Interactions
- Version (date/time)
- Ask & resolve questions
- Manage exceptions
- Understand context
- Provide auditable records
- Demonstrate sequence
- Meet requirements
- Repeatable cycle
Contact info@oceg.org for comments, reprints or licensing requests. ©2017 OCEG
Technology Enables Efficient, Effective & Agile Policy & Training Management
- Organizations often lack an auditable means of policy maintenance, communication, attestation, and training.
- An ad hoc approach to policy management exposes the organization to significant liability.
- If policy documentation doesn’t conform to an orderly style and structure, the organization is not positioned to drive desired behaviors in corporate culture or enforce accountability.
The bottom line: With today’s complex business operations, global expansion, and the ever-changing legal, regulatory and compliance environments, a well-defined policy management program is vital to enable an organization to effectively develop and maintain the wide gamut of policies it needs to govern with integrity.
Policy Information Architecture Provides 360° Contextual Intelligence
[Figure: policy information architecture diagram connecting Policies (Code of Conduct, Training & Awareness, Policies & Procedures) with Risks (Strategic, Financial, Operational), Controls (Preventive, Corrective, Detective), Issues (Complaint, Investigation, Event), Objectives (Strategic, Process, Department), Obligations (Regulatory, Values, Contractual), Roles (Owner, Employee, Subject Matter Expert), and Organization (Entity, Asset, Process).]
Policy Management Technology Enables Management of Policy Processes
- Collaboration
- Audit Trail
- Enforcement
- Management Reporting
- Workflow & Tasks
Benefits of Technology
Deliver a Unified Company Policy Portal in the Format Needed
An Engaging User Experience for Policy Management
GRC 20/20’s Policy Management Maturity Model
1. AD HOC
- Existing policies are in a state of disorganization
- Oral tradition takes precedence over written policy
- Roles and responsibilities not defined
- No methodology
- Technology is scattered
2. FRAGMENTED
- Policies are written but not maintained
- Little understanding of effectiveness of policies
- Policies are inconsistent in template and language
- No standardized methodology
- Technology is scattered
3. DEFINED
- Key policies are managed and maintained within department
- Terms, templates, and style are consistent at department level
- Standardized methodology at department level
- Technology enabled
4. INTEGRATED
- Silos of policies begin to be broken down
- Cross-department methodology, style, template and process
- Use of policy technology across departments
- Integrated training and support
5. AGILE
- Centralized policy management for entire organization
- Integrated learning environment
- Forms automation and helpline
- Integrated information with other GRC areas
- Accountability monitored
Questions?
Michael Rasmussen, J.D.
The GRC Pundit & OCEG Fellow
mkras@grc2020.com
+1.888.365.4560
Some of the content we have evaluated is OCEG content which GRC 20/20 has an established relationship to use. Please do not copy slides or graphics without permission. GRC 20/20 highly recommends you consider OCEG membership at www.OCEG.org.
GRC 20/20 Newsletter
LinkedIn: GRC 20/20
Blog: GRC Pundit
Twitter: GRCPundit
LinkedIn: Michael Rasmussen
Helping you to build a modern Cyber Security and Compliance Culture
End to end cyber security and compliance solution
Contact:
- metacompliance.com
- info@metacompliance.com
- +44 (0)28 7135 9777
- http://www.metacompliance.com/gdpr/gdpr-for-dummies/